47.2. Installing and Configuring Samba
Go to http://examples.oreilly.com/upt3 for more information on: Samba
Samba is an open source project that implements the Session Message Block (SMB) protocol, which is the core networking language of the Microsoft Windows family. Of course, the dominant networking protocol in Unix is the Transmission Control Protocol/Internet Protocol (TCP/IP). The challenge of the Samba project is to map SMB traffic onto TCP/IP networks. This is no small feat since SMB was designed for small, nonsegmented networks. Because all SMB network machine names exist in one global namespace, the practical size of an SMB network is quite limited.
Although there are workgroups and NT domains (dolled-up workgroups with a domain controller), these groups don't partition a network in the same way that IP subnets do. Workgroups are simply an organizational grouping of machine names (although NT domains can also exercise some access control over the resources within their jurisdiction).
Despite these limitations, most offices these days have a very large
installed base of Windows servers and workstations. With Samba, your
Unix machine can participate in Windows file sharing and print
services. In fact, Samba can replace Windows file and print servers
in many cases. For the full reference on Samba (plus a good number of
useful tips), pick up a copy of Using Samba from
O'Reilly & Associates.
Samba consists mainly of two daemons and a host of supporting programs. The smbd daemon is responsible for making your machine's filesystem and printers available to a Windows network. The nmbd daemon handles the mapping of SMB machine names into the IP namespace and browsing other SMB resources. Some Unix systems, like Linux, are also able to mount other SMB drives onto their local filesystems using the smbmnt command.
Samba is available for all popular Unix platforms. The project web site, http://www.samba.org, is mirrored throughout the world, so you should be able to find a server near you. The current stable release of Samba will be available as a link called samba-latest.tar.gz. As of this writing, the latest release is 2.2.3a.
After unpacking the archive file, change into the newly created samba subdirectory, become the root user, and type:
# ./configure && make
This bit of shell logic simply means, "Execute the program configure in the current directory. If it succeeds, run make." It is important to run configure as root, since there will be certain tests done that require root access. If the compilation proceeds without error, you should install the Samba components with:
# make install
Now you can configure Samba to share your system's directories and printers with your Windows neighbors.
There is only one configuration file for both Samba daemons: smb.conf. The Samba build process does not normally create this file for you. However, there are several example smb.conf files in the examples directory of the unpacked source code. These can be easily modified for your system. Alternatively, you may wish to use the web administration tool SWAT (Section 47.4) to configure your installation. It is worth understanding a bit about how to configure smb.conf by hand.
Perhaps the best example configuration to start with is the file called smb.conf.default. Lines that start with a semicolon or pound sign (#) are comments and are ignored by the Samba daemons entirely. Blocks of related options begin with a line that has a label in square brackets. A special block called [global] precedes blocks that define individual shared resources. Global configuration options include what workgroup your machine is part of, what guest account to use for public shares, and which IP addresses are allowed to connect to your SMB service. For instance:
[global]
workgroup = MYGROUP
; hosts allow = 192.168.1. 192.168.2. 127.
guest account = pcguest
log file = /usr/local/samba/var/log.%m
max log size = 50
security = user
; encrypt passwords = yes
Here, all the shares that will be described later in the configuration file will be advertised in the MYGROUP workgroup. Although the next line is commented out, you can use the hosts allow directive to permit only certain hosts or subnets access to your SMB shares. In this example, machines would have to be in either one of the two class C networks (IPs beginning with 192.168.1 and 192.168.2) or in the class A network (IPs beginning with 127) to even connect to your Samba daemons. Sometimes you will create public shares that won't require authentication. For these shares, some real Unix account is needed. That account is specified with guest account and is usually a nonprivileged account, like pcguest.
A good rule of thumb when customizing your smb.conf is to leave the defaults in place where you don't fully understand the directive. The defaults err on the side of caution. Unless you have a good reason for changing them, leave the log file and max log size directives as is. The security and encrypt passwords directives are important and are talked about in more detail in Section 47.6. For now, keep the defaults.
Sharing one of your local directories with the SMB network is easy. For instance:
[tmp]
comment = Temporary file space
browseable = yes
path = /tmp
read only = no
public = yes
This block describes sharing the local system's /tmp directory with your SMB network. The comment option is a human-readable description of the share that is available to SMB browsers (like the Network Neighborhood application in Windows). The path directive indicates the local path you wish to share. The browseable option, which defaults to yes anyway, makes sure that this share appears in browse lists. The read only statement is set to no, making the share writable by SMB clients that are able to connect (Section 47.6). When the public directive is set to yes, passwords are not required to access this resource.
There are far too many configuration options to detail here. See the Samba documentation or Using Samba for the full story.
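An added example, not part of the book: a small audit of the two settings this section leaves open, the commented-out hosts allow line and a share that is both public and writable. It reads only the directives shown on this page (hosts allow in [global], public, read only, path); the function names are assumptions of this example, and per-share hosts allow lines or option synonyms are not handled.

```python
import re

TRUE = {"yes", "true", "1"}  # values this example treats as "on"

def parse_smb_conf(text):
    """Return {section: {option: value}}, skipping ';' and '#' comment lines."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[" ".join(key.lower().split())] = value.strip()
    return sections

def audit(text):
    """Report an unrestricted [global] and shares that guests can write to."""
    conf = parse_smb_conf(text)
    findings = []
    if "hosts allow" not in conf.get("global", {}):
        findings.append("global: hosts allow is not set, so any host may connect")
    for name, opts in conf.items():
        if name == "global":
            continue
        guest = opts.get("public", "no").lower() in TRUE
        writable = opts.get("read only", "yes").lower() not in TRUE
        if guest and writable:
            findings.append(f"{name}: writable without a password "
                            f"(path {opts.get('path', '?')})")
    return findings

# The [global] and [tmp] blocks from this section, abridged and joined.
PAGE_CONF = """
[global]
workgroup = MYGROUP
; hosts allow = 192.168.1. 192.168.2. 127.
[tmp]
path = /tmp
read only = no
public = yes
"""
# Constructed variant: hosts allow uncommented, share no longer public.
HARDENED = PAGE_CONF.replace("; hosts", "hosts").replace("= yes", "= no")

if __name__ == "__main__":
    print(audit(PAGE_CONF), audit(HARDENED))
```

Run against the page's configuration it reports both findings; the constructed variant reports none.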
After you have finished configuring the system, you are ready to run the SMB daemons. You can run these servers (as root) directly from the command line with the following:
# /path/to/samba/bin/smbd -D;
# /path/to/samba/bin/nmbd -D;
You can also have inetd run them. Simply add the following lines to /etc/services:
netbios-ssn 139/tcp
netbios-ns 137/udp
Add the following lines to /etc/inetd.conf:
netbios-ssn stream tcp nowait root /path/to/samba/bin/smbd smbd
netbios-ns dgram udp wait root /path/to/samba/bin/nmbd nmbd
Simply restart inetd to begin answering SMB requests.
To verify that your SMB services are running, use the command-line tool smbclient to browse yourself.
$ smbclient -L netbios-name
Your machine's NETBIOS name (that is, the name by which SMB peers are known) will be your DNS hostname or whatever you set the global directive netbios name to be. If prompted for a password, you can simply hit Enter for now. If your service is running, you should see your shares displayed in a similar way to the following:
[jjohn@marian upt]$ smbclient -L marian
added interface ip=192.168.1.50 bcast=192.168.1.255 nmask=255.255.255.0
Password:
Anonymous login successful
Domain=[WORKGROUP] OS=[Unix] Server=[Samba 2.2.2]

        Sharename      Type      Comment
        ---------      ----      -------
        homes          Disk      Home Directories
        IPC$           IPC       IPC Service (Samba Server)
        ADMIN$         Disk      IPC Service (Samba Server)
        lp             Printer   hp
        tmp            Disk      Temporary file space

        Server               Comment
        ---------            -------
        MARIAN               Samba Server

        Workgroup            Master
        ---------            -------
        WORKGROUP            MARIAN
-- JJ
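One way to turn the listing above into a repeatable check (an added example, not from the book): parse smbclient -L output, note whether the anonymous login worked, and report Disk or Printer shares that are not on an expected list. The function names and the expected set are assumptions of this example, and share names containing spaces are not handled; the sample text is the listing shown above, abridged.

```python
def parse_listing(output):
    """Return (anonymous_ok, [(share, type, comment), ...]) from smbclient -L text."""
    anonymous = "Anonymous login successful" in output
    shares, in_table = [], False
    for line in output.splitlines():
        fields = line.split(None, 2)   # name, type, free-text comment
        if fields[:2] == ["Sharename", "Type"]:
            in_table = True
        elif fields[:2] == ["Server", "Comment"]:
            break                      # server and workgroup tables follow
        elif in_table and len(fields) >= 2 and not fields[0].startswith("-"):
            shares.append((fields[0], fields[1], " ".join(fields[2:]).strip()))
    return anonymous, shares

def unexpected_shares(output, expected):
    """Disk/Printer shares advertised to this client that are not in `expected`."""
    anonymous, shares = parse_listing(output)
    extra = [name for name, kind, _ in shares
             if kind in ("Disk", "Printer") and name not in expected]
    return anonymous, extra

# Sample input: the session shown in this section (server table abridged).
LISTING = """\
added interface ip=192.168.1.50 bcast=192.168.1.255 nmask=255.255.255.0
Password:
Anonymous login successful
Domain=[WORKGROUP] OS=[Unix] Server=[Samba 2.2.2]

        Sharename      Type      Comment
        ---------      ----      -------
        homes          Disk      Home Directories
        IPC$           IPC       IPC Service (Samba Server)
        ADMIN$         Disk      IPC Service (Samba Server)
        lp             Printer   hp
        tmp            Disk      Temporary file space

        Server               Comment
        ---------            -------
        MARIAN               Samba Server
"""

# Constructed allowlist: what the administrator meant to publish.
EXPECTED = {"homes", "lp", "ADMIN$"}

if __name__ == "__main__":
    print(unexpected_shares(LISTING, EXPECTED))
```

With the constructed allowlist, the check reports that the anonymous login succeeded and that tmp is advertised although it is not expected.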
Copyright © 2003 O'Reilly & Associates. All rights reserved.